Lead

ROLE PURPOSE

Own the design and engineering of preventative security controls across cloud, infrastructure, identity, and application access.

Act as the technical authority for secure-by-design architectures with strong focus on automation, guardrails, and identity-driven security.

PRIMARY ACCOUNTABILITY OVER

• Cloud, Data & Application Security
• DevSecOps, API, Containers, Serverless
• Security Design for Infrastructure & IAM

KEY RESPONSIBILITIES

1. Security Architecture & Engineering

• Define security architecture standards, principles, and reference patterns.
• Lead solution security design reviews and threat modelling.
• Produce reusable blueprints and engineering guardrails.
• Provide technical assurance and risk recommendations.

2. Identity, IAM & Privileged Access Security

• Architect workforce and workload identity models.
• Design Conditional Access, MFA, RBAC, privileged governance.
• Implement PAM integrations and privileged workflows.
• Define secure authentication and app onboarding standards.
• Establish identity lifecycle (JML) automation.

3. Cloud Security Engineering & Governance

• Design secure landing zones and foundational controls.
• Implement policy baselines and guardrails.
• Drive posture management and drift remediation.
• Engineer encryption, key management, and secrets protection.

4. Application, API & Integration Security

• Define secure authentication and authorization patterns.
• Establish API security controls and gateway standards.
• Implement secrets management for apps and pipelines.
• Provide secure integration templates for SaaS and partners.

5. DevSecOps & Security Automation

• Embed security into CI/CD pipelines.
• Define automated testing and release guardrails.
• Implement policy-as-code and compliance automation.
• Build reusable pipeline security modules.

6. Containers, Kubernetes & Serverless Security

• Define container image and runtime standards.
• Establish Kubernetes security baselines.
• Implement serverless security patterns and monitoring.

7. Partner Oversight & Delivery Governance

• Provide engineering oversight to third parties.
• Define technical requirements and validate delivery.

EXPERIENCE REQUIREMENTS

Essential:

• 8–12+ years in security engineering / architecture.
• Strong IAM and identity security expertise.
• Cloud security architecture experience.
• Automation and DevSecOps integration delivery.
• Secure authentication and federation implementation.

Desirable:

• Azure Security Engineer / CCSP / CCSK.
• SailPoint / Saviynt / CyberArk / BeyondTrust.
• CSPM / CNAPP platforms.
• TOGAF or architecture training.

CORE SKILLS

• Security architecture and threat modelling
• Identity security & privileged access
• Cloud security governance
• API & integration security
• DevSecOps automation
• Containers & serverless security

SUCCESS MEASURES

• Secure landing zone adoption
• Identity risk reduction
• Application onboarding to secure auth
• DevSecOps control coverage
• Reduction in misconfiguration risk

#LI-HS1